Windows 11 e 10: arriva il Patch Tuesday di aprile 2025
#Aggiornamenti #Aprile2025 #BugFix #Computer #Copilot+ #Correzione #Laptop #Microsoft #Miglioramenti #Notebook #Notizie #Novità #PatchTuesday #PC #SistemaOperativo #TechNews #Tecnologia #Update #Vulnerabilità #Windows10 #Windows11 #ZeroDay

https://www.ceotech.it/windows-11-e-10-arriva-il-patch-tuesday-di-aprile-2025/

Google rilascia un update Android per 2 bug zero-day critici
#Aggiornamenti #Android #AOSP #BugFix #Exploit #Google #MobileSecurity #Notizie #PatchDiSicurezza #Sicurezza #Smartphone #Tablet #TechNews #Tecnologia #Update #Vulnerabilità #ZeroDay

https://www.ceotech.it/google-rilascia-un-update-android-per-2-bug-zero-day-critici/

Google fixed two actively exploited Android zero-days – Source: securityaffairs.com https://ciso2ciso.com/google-fixed-two-actively-exploited-android-zero-days-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Security #Android #hacking #zeroday #Google

Ever wonder how hidden security flaws can unlock your phone? Zero-day vulnerabilities aren’t just a hacker's tool—they’re a secret weapon even governments use, sparking an ethical arms race in cybersecurity.

https://thedefendopsdiaries.com/understanding-and-addressing-zero-day-vulnerabilities-in-cybersecurity/

#zeroday
#cybersecurity
#androidsecurity
#ethicalhacking
#infosectrends

I put on Zero Day, and oh no it's a Y2K movie for 2025. l33t h4xx0rz crash trains (which still exist?), infect phones, but TV still works just fine. They somehow get video from peoples' phones during accidents, during which the phones are dead‽

OLD MAN ex-President is the only one who can cope! Wolf Blitzer plays himself, an actor faking being a news anchor like always.

This sets a new low bar for stupid cyber shit.
#zeroday #cyber

Cyberattacks by AI agents are coming

Agents could make it easier and cheaper for criminals to hack systems at scale. We need to be ready.

by Rhiannon Williams, April 4, 2025

"Agents are the talk of the AI industry—they’re capable of planning, reasoning, and executing complex tasks like scheduling meetings, ordering groceries, or even taking over your computer to change settings on your behalf. But the same sophisticated abilities that make agents helpful assistants could also make them powerful tools for conducting cyberattacks. They could readily be used to identify vulnerable targets, hijack their systems, and steal valuable data from unsuspecting victims.

"At present, cybercriminals are not deploying AI agents to hack at scale. But researchers have demonstrated that agents are capable of executing complex attacks (Anthropic, for example, observed its Claude LLM successfully replicating an attack designed to steal sensitive information), and cybersecurity experts warn that we should expect to start seeing these types of attacks spilling over into the real world."

Read more:
https://www.technologyreview.com/2025/04/04/1114228/cyberattacks-by-ai-agents-are-coming/?utm_source=firefox-newtab-en-us
#Cyberattacks #ZeroDay #AI #LLMs #Cyberwarfare

Grab your beverage of choice , because there's a LOT to recap from the last 24 hours. Check it out here https://opalsec.io/daily-news-update-friday-april-4-2025-australia-melbourne/

There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:

Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).

Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers.

GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!

Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet, the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.

Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!).

Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!

New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots.

INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site.

Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?

Stay ahead of evolving threats with threat intelligence from Trend Vision One™. Proactive security starts with insights on Russian threat actor Water Gamayun’s latest tactics exploiting a #zeroday #vulnerability in Microsoft Management Console. #CyberSecurity https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=032025_WaterGamayun

Ready for a fresh day of Cyber horrors? Me neither!

Oh well, here you go: https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/

Here's a few of the key items to be aware of:

Palo Alto GlobalProtect Scans: Observed a significant spike in scans targeting Palo Alto Network GlobalProtect login portals, possibly prior to new exploit releases. Time to audit those logs!

China as Top Cyber Threat: Gen. Paul Nakasone (former NSA/Cyber Command Head) highlights China's unprecedented cyber activities, including malicious code in critical infrastructure and rapid exploitation of vulnerabilities. It's time to rethink our defense strategies!

North Korean IT Worker Expansion: North Korean "IT warriors" are infiltrating European companies, using fake identities to secure remote work and fund their regime. Stay vigilant and double-check those remote hires!

Identity Flaws in Breaches: A new report indicates 60% of incidents involved an identity attack, with compromised valid accounts being a top initial access vector. Focus on robust MFA, least privilege, and AD security!

Read the full post for all the details and more actionable insights, and if you want all this straight to your inbox, you're in luck! https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/#/portal/signup

We finished watching #ZeroDay yesterday, and OMG what a ludicrous centrist fantasy: wanting to make an antifascist TV-show while continuing the anti-extremist "both sides" narrative is embarrassing. At one point they set white nationalists and BLM-radicals as equivalent threats

0d - #Zeroday: 0d122 - #PGP per #DNS

Für die heutige Episode hat sich Sven die verschiedenen Möglichkeiten angesehen, um PGP-Keys per DNS auszuliefern und eine eigene Bewertung durchgeführt.

Es kristallisiert sich ein klarer Favorit heraus, bei dem Stefan jedoch ein durchaus reales Risiko sieht, dessen Eintrittswahrscheinlichkeit jedoch nicht abschätzbar ist.

Webseite der Episode:
https://0x0d.de/2025/03/0d122-pgp-per-dns/

Mediendatei:
https://zeroday-podcast.de/podlove/file/987/s/feed/c/mp3/0d122.mp3

@zeroday@chaos.social
@zeroday@podcasts.social

malicious npm packages (again) targeting cryptocurrency projects, CEOs cranky over CVEs, and BlackLock gets pantsed - here's your Friday wrap up in Infosec News

https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne/

Here's a quick rundown of what's inside:

npm Package Nightmare: 10 packages compromised by an infostealer campaign targeting developer environments. Sensitive data was siphoned off to a remote host. Most of the packages are still available on npm, so be careful!
Firefox Flaw: A critical sandbox escape vulnerability (CVE-2025-2857) patched in Firefox 136.0.4. Windows users, update ASAP! This one's similar to a Chrome zero-day used in espionage campaigns.
Ransomware Reckoning: Advanced, a UK healthcare IT provider, slapped with a £3.1 million fine after a LockBit ransomware attack. Lack of vulnerability scanning and poor patch management were key factors.
Extension Exploitation: Browser extensions can be bought and repurposed, posing a sneaky threat to enterprises. An extension was bought for $50 and was quickly repurposed to redirect traffic.
Solar Scare: Dozens of vulnerabilities in solar inverters could let attackers disrupt power grids. Remote code execution, device takeover, and more are possible.
CrushFTP Clash: CEO responds aggressively to VulnCheck after critical unauthenticated access vulnerability (CVE-2025-2825) is released. Vulnerability disclosure and patching processes need to be improved!
Pegasus in Serbia: Journalists targeted with Pegasus spyware, marking the third time in two years that Amnesty has found Pegasus deployed against Serbian civil society.
Mamont Malware: Russian authorities arrest three for developing the Mamont Android banking trojan. This malware steals financial data and spreads through Telegram.
Ransomware Reverse: Resecurity infiltrates the BlackLock ransomware gang, gathering intel to help victims. LFI vulnerability exploited, and data shared with authorities.

Stay vigilant out there, folks!

Lesli Linka Glatter on ‘Homeland’ to ‘Zero Day’ and Bringing Production Back to Los Angeles
#TV #TVFeatures #DGA #EricNewman #Hollywood #Homeland #ImperfectWomen #Labor #LesliLinkaGlatter #Netflix #NoahOppenheim #Production #RobertDeNiro #ZeroDay

https://www.hollywoodreporter.com/tv/tv-features/lesli-linka-glatter-homeland-zero-day-los-angeles-production-1236172455/

Notfall-Update Google Chrome

Ja, ich weiß, ich hatte mal versprochen, über Google Chrome und seine (teils konzeptionellen) Sicherheitslücken nicht mehr zu berichten. Heute mache ich eine Ausnahme, weil wahrscheinlich auch Chromium und seine Weiterentwicklungen (Brave, Cromite, Opera, Vivaldi) betroffen sind. In Chro

https://www.pc-fluesterer.info/wordpress/2025/03/27/notfall-update-google-chrome-2/

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html #Webbrowser #Browser #Chrome #ZeroDay

Hey #CyberSecurity pros! Ready to dive into the latest threats and breaches making headlines?

Our latest blog post is packed with need-to-know info to keep you ahead of the curve.

https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

Here's a quick rundown of what's inside:

FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!

RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.

StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.!

NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.

NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.

Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!

Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!

Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!

UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.

Ready for the full scoop? Read the full blog post here https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

#Chrome: Google Patches Chrome Sandbox Escape #ZeroDay Caught by Kaspersky. CVE-2025-278

You need to close and re-start your Chrome today to get it updated to the latest out-of-band security patch.

https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/